Input–output memory management unit

Some units also provide memory protection from faulty or malicious devices.

[1][2] The advantages of having an IOMMU, compared to direct physical addressing of the memory (DMA), include[citation needed]: For system architectures in which port I/O is a distinct address space from the memory address space, an IOMMU is not used when the CPU communicates with devices via I/O ports.

The disadvantages of having an IOMMU, compared to direct physical addressing of the memory, include:[4] When an operating system is running inside a virtual machine, including systems that use paravirtualization, such as Xen and KVM, it does not usually know the host-physical addresses of memory that it accesses.

This makes providing direct access to the computer hardware difficult, because if the guest OS tried to instruct the hardware to perform a direct memory access (DMA) using guest-physical addresses, it would likely corrupt the memory, as the hardware does not know about the mapping between the guest-physical and host-physical addresses for the given virtual machine.

The corruption can be avoided if the hypervisor or host OS intervenes in the I/O operation to apply the translations.

Comparison of the I/O memory management unit (IOMMU) to the memory management unit (MMU).